nginx: document how to enable CORS support

author William Pitcock <nenolod@dereferenced.org>

Sun, 1 Apr 2018 06:25:33 +0000 (01:25 -0500)

committer William Pitcock <nenolod@dereferenced.org>

Sun, 1 Apr 2018 06:28:27 +0000 (01:28 -0500)
author William Pitcock <nenolod@dereferenced.org>
Sun, 1 Apr 2018 06:25:33 +0000 (01:25 -0500)
committer William Pitcock <nenolod@dereferenced.org>
Sun, 1 Apr 2018 06:28:27 +0000 (01:28 -0500)
diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx

index 25f6dadffc92059c72ff4ee9dee23ba27d497546..11dc6456c715d552e7afb1a22f9a642ec180d01a 100644 (file)
--- a/installation/pleroma.nginx
+++ b/installation/pleroma.nginx
@@ -28,7 +28,16 @@ server {
      gzip_http_version 1.1;                                                                                                                
      gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;      
      location / {
-        add_header 'Access-Control-Allow-Origin' '*';
+        # if you do not want remote frontends to be able to access your Pleroma backend
+        # server, remove these lines.
+        add_header 'Access-Control-Allow-Origin' '*' always;
+        add_header 'Access-Control-Allow-Methods' 'POST, GET, OPTIONS' always;
+        add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;
+        if ($request_method = OPTIONS) {
+            return 204;
+        }
+        # stop removing lines here.
+
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
author	William Pitcock <nenolod@dereferenced.org>
	Sun, 1 Apr 2018 06:25:33 +0000 (01:25 -0500)
committer	William Pitcock <nenolod@dereferenced.org>
	Sun, 1 Apr 2018 06:28:27 +0000 (01:28 -0500)